30 October 2019, Johannesburg – Local service provider, Saicom has become one of only five ISPs in South Africa to become MANRS (Mutually Agreed Norms for Routing Security) compliant, and in so doing, assuring its clients that the internet is a more secure place.
The Internet’s routing information is exchanged between network operators (also known as autonomous systems or AS’) using a routing protocol initially designed in the 80’s, the BGP routing protocol is to a large degree a robust reliable protocol, however, it is often the poor implementation of this protocol by network operators which leads to outages and security breaches worldwide. Not a day goes by without incidents affecting the Internet routing system.
Mutually Agreed Norms for Routing Security (MANRS) is a global initiative supported by the Internet Society that aims to reduce some of the most common routing threats associated.
Says Greg de Chasteauneuf, CTO at Saicom, “our commitment to providing world class services and solutions includes finding ways to comply with the global standards. This certification adds a layer of routing security and stability to our Internet solutions set.”
As part of the compliance to MANRS standards, Saicom has implemented filtering, co-ordination and global validation measures that will not only prevent the propagation of incorrect routing information; facilitate global operational communication and co-ordination between network operators, but also facilitate validation of routing information on a global scale.
“Even accidental routing errors, can have far-reaching impact,” adds de Chasteauneuf, “like in June this year, when a small company in Northern Pennsylvania became the preferred path for one of the world’s largest network operators Verizon (AS701). This is like routing an eight lane highway of cars down a small dirt road in Zeerust. The Internet came to a grinding halt.”
While this example was accidental in nature, of more serious concern is that of sovereign nations who are intentionally hijacking parts of the Internet for surveillance purposes, and have been suspected of doing so, for several years.
‘China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking‘, by Chris C. Demchak (US Naval War College) and Yuval Shavitt (Tel Aviv University), say they analysed data from a special route-tracing system hosted at the University of Tel Aviv that is capable of detecting unusual patterns of BGP ‘announcements’.
During the state visit on September 24-25, 2015, President Xi Jinping of China and President Barack Obama reached a Cyber Agreement. Known as the voluntary Xi-Obama Cyber agreement, its intention was to stop military forces from hacking commercial enterprises for economic gain. The paper by Demchak and Shavitt show that whilst technically still adhering to the agreement, China has been seen quietly redirecting (or hijacking) parts of the internet through its numerous strategically placed, Chinese controlled internet ‘points of presence’ (PoPs) across the internet backbone of North America.
The implementation of the MANRS Actions is geared towards improving both routing security and operational efficiency amongst network operators and Internet Exchange Points (IXPs) and send a security-forward approach, and value added service to clients.
By looking for MANRS-compliant infrastructure partners, enterprises get increased security and service reliability, at the same time, eliminating common outages and/ or attacks.
Concludes de Chasteaueuf, “It is no longer a case of if, but when route safety will be compromised and it occurs almost daily. Route hijacking, route leaks, IP address spoofing, and other harmful activities can lead to DDoS attacks, traffic inspection, lost revenue, reputational damage, and more. These incidents are global in scale, with one operator’s routing problems cascading to impact others.
By working alongside MANRS and its partners and affiliates, we believe we are a step closer to curbing the severity of the attacks and giving our clients another layer of defence.”